The Absence of Indicators

Name The Absence of Indicators
Sources (Egelman, 2009)
Synonyms None
Context An indicator should be used when a danger has been detected, or additional information is available which may lead the user to believe the a website is unsafe.
Problem Some indicators indicate positive things, thus, users are supposed to be alerted when these indicators do not appear on a webpage. However, many users are unalarmed by the absence of these indicators or simply fail to take notice.
Solution Users should not be expected to notice the absence of an indicator. Instead of using positive indicators when at a “good” website, use a negative indicator to indicate a “bad” website.
Examples The SiteKey indicator as used by PNC bank. For this security indicator to be effective, the user is required to notice the absence of the tiger picture on a spoofed PNC website.Example Source: (Egelman, 2009)
Implementation When using warning message to distinguish between good and bad websites, do not use indicators to denote good websites. Either use warning message when encountering bad websites, since there will be less of an incentive to spoof these, or use pervasive contextual indicators. Both types of indicators should be inserted by the web browser so that website designers will have a harder time spoofing the indicators.
Consequences Building on Noticeable Contextual Indicators, absent indicators are rarely noticed because there is nothing to examine at the user’s focus of attention. When positive indicators are used for trust, attackers can also mimic them and confuse the user. Most users do not know the difference between chrome and content, therefore there is an incentive for the attacker to spoof positive indicators. When negative indicators are used, there are fewer incentives for the attacker to spoof them.
Dependencies None
Relationships [Noticeable Contextual Indicators]
Principles [Consistent Controls and Placement]
Guidelines None
Check lists None
Use cases None
Tags The Absence of Indicators, Noticable Contextual Indicators, Fail Safety, Expectation Conformity
Log history [12/21/2015]: Added to repository

References

Egelman, S., 2009. Trust me: Design patterns for constructing trustworthy trust indicators. ProQuest.